Use OPENSSL_secure_clear_free for secure mem BIOs and X25519 private keys

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4044)

2 files changed, 3 insertions, 3 deletions

diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index ad7128a732..f3f8a1b55c 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)
 
     if (a->data != NULL) {
         if (a->flags & BUF_MEM_FLAG_SECURE)
-            OPENSSL_secure_free(a->data);
+            OPENSSL_secure_clear_free(a->data, a->max);
         else
             OPENSSL_clear_free(a->data, a->max);
     }
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
     if (str->data != NULL) {
         if (ret != NULL) {
             memcpy(ret, str->data, str->length);
-            OPENSSL_secure_free(str->data);
+            OPENSSL_secure_clear_free(str->data, str->length);
             str->data = NULL;
         }
     }
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index b001196309..4f7cfec728 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -220,7 +220,7 @@ static void ecx_free(EVP_PKEY *pkey)
     X25519_KEY *xkey = pkey->pkey.ptr;
 
     if (xkey)
-        OPENSSL_secure_free(xkey->privkey);
+        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
     OPENSSL_free(xkey);
 }